All Internal Controls articles – Page 11
-
ArticleThird-party cybersecurity monitoring: Tips for keeping vendors honest
A continuous monitoring cybersecurity strategy for third-party risks goes a long way toward proactively identifying external vulnerabilities. At CW’s virtual Cyber Risk & Data Privacy Summit, a panel of experts shared leading practices.
-
ArticleBest practices to achieve a continuous assurance cybersecurity model
A panel of cybersecurity experts shared tips for achieving continuous assurance and getting necessary buy-in at CW’s virtual Cyber Risk & Data Privacy Summit.
-
ArticleCompany cybersecurity certifications: Business case and where to start
Rachael Pashkevich Koontz, senior corporate counsel of cybersecurity compliance at T-Mobile, shared her opinions on cybersecurity certifications and determining the right fit for certain organizations at CW’s virtual Cyber Risk & Data Privacy Summit.
-
ArticleFINRA sanctions compliance officer for AML failures
The Financial Industry Regulatory Authority has ordered a compliance officer to pay $25,000 for failing to establish and implement a “reasonably designed” anti-money laundering compliance program at the brokerage firm where he worked.
-
ArticleESG reporting: A summary of investor needs and wants
An investor-focused panel at a recent event shared views on investors’ perspectives about current and future use of ESG metrics and disclosures and where common ground can be found between the providers and users of the information.
-
ArticleHow Accor manages global data privacy compliance
Marie-Christine Vittet, vice president of compliance at hospitality chain Accor, shares with Compliance Week the company’s journey toward a global data privacy compliance program.
-
ArticleIndictment: China-based Hytera stole trade secrets from Motorola
Hytera Communications allegedly conducted a scheme to systematically steal trade secrets from Motorola Solutions by hiring away Motorola employees who had developed its “walkie-talkie” product line, according to a federal indictment.
-
ArticleMicrosoft, Activision Blizzard, and importance of cultural due diligence in M&A
Rarely do cultural considerations play a role in M&A transactions, though they are often critical to the ultimate success of a deal. Microsoft’s planned acquisition of embattled video game developer Activision Blizzard offers a timely case study.
-
ArticleWestpac combines risk, compliance leadership; hires Ryan Zanin as chief risk officer
Australian bank Westpac announced it will combine the leadership of its risk and compliance divisions into one position under Ryan Zanin, who joins after most recently serving as executive vice president, chief risk officer at Fannie Mae.
-
PremiumEpilogue: What happened to Betsy?
The “patient zero” of fictional private utility company Vulnerable Electric’s ransomware crisis learns her fate.
-
PremiumChapter 4: Recovery and lessons learned post-ransomware attack
Whether fictional private utility company Vulnerable Electric pays the ransom or not in the aftermath of its cyber incident, the two pathways quickly splinter off in different directions with varied endings, each with important lessons to be learned.
-
PremiumRansomware case study glossary
The field of cybersecurity features a growing list of terminology to describe the many forms, channels, and motivations behind cyberattacks and hacking culture. Learn further definitions for some key terms featured throughout the ransomware case study.
-
PremiumChapter 3: Ransomware eradication prompts tough choice: To pay or not to pay?
No matter what, the deck is stacked against fictional private utility company Vulnerable Electric as it weighs whether to pay the $5 million ransom demanded by a cybercriminal who breached its systems. Which path do you take?
-
PremiumChapter 2, Part 2: Ransomware damage control and when to alert stakeholders
Systems at fictional private utility company Vulnerable Electric remain impacted in the aftermath of a ransomware attack, but the chief executive decides it’s time to be forthright with employees and customers.
-
PremiumChapter 2, Part 1: Containment key to ransomware defense
With Day 2 of fictional private utility company Vulnerable Electric’s ransomware crisis comes the need to grasp the extent of its situation. The cyber incident response team’s synchronized efforts are pivotal as time is of the essence.
-
ResourceWhite paper: The Dangerous Intersection Between OFAC and Ransomware
Read CSI’s The Dangerous Intersection Between OFAC and Ransomware white paper to understand how OFAC violations and ransomware present an amalgamated threat to all U.S. businesses, and how to address this threat in order to limit its potential for grave financial harm.
-
ArticleCW case study offers 360-degree view of ransomware attack
Learn through the eyes of the C-suite at Vulnerable Electric, a fictional private utility company impacted by a significant ransomware attack, as part of Compliance Week’s third case study.
-
PremiumChapter 1, Part 1: Betsy’s human error triggers ransomware crisis
When one of fictional private utility company Vulnerable Electric’s most dedicated employees falls victim to a social engineering hack, her actions in the immediate aftermath are crucial to what will soon become a crisis for the C-suite.
-
PremiumChapter 1, Part 2: All hands on deck in C-suite ransomware response
Following the events that triggered a double extortion ransomware attack, the CEO of fictional private utility company Vulnerable Electric mobilizes her cyber incident response team to begin assessing the path forward to dealing with the cybercriminal(s).
-
ArticleESG reporting: A summary of preparers’ perspectives
Preparers speaking at a pair of recent high-profile accounting and auditing conferences discuss current practices and the challenges their controllership teams face in ESG reporting and governance.